Protected Health Information:
HIPAA PHI and HIPAA Data

What Does PHI Stand For in Healthcare?

The PHI acronym stands for protected health information, also known as HIPAA data. The Health Insurance Portability and Accountability Act (HIPAA) mandates that PHI in healthcare must be safeguarded. As such healthcare organizations must be aware of what is considered PHI.

What is PHI?

You might be wondering about the PHI definition. HIPAA protected health information (PHI), also known as HIPAA data, is any piece of information in an individual’s medical record that was created, used, or disclosed during the course of diagnosis or treatment that can be used to personally identify them. The meaning of PHI includes a wide variety of identifiers and different information recorded throughout the course of routine treatment and billing. Collecting PHI is a necessary component of the healthcare industry, and it needs to be attended to with the proper safeguards.

what is PHI

You might be wondering, what is covered under HIPAA? Below, we’ve listed 18 types of HIPAA data that qualify as HIPAA protected health information (PHI) identifiers according to guidance from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Examples of PHI include:

  1. Name
  2. Address (including subdivisions smaller than state such as street address, city, county, or zip code)
  3. Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voice prints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes

Handling Protected Health Information?

See how we keep your business and it’s PHI safe.

Become HIPAA Compliant

What is ePHI?

Electronic protected health information (ePHI) is any PHI that is created, stored, transmitted, or received electronically. The HIPAA Security Rule has specific guidelines in place that dictate the means involved in assessing ePHI.

Media used to store data, including:

  • Personal computers with internal hard drives used at work, home, or while traveling
  • External portable hard drives
  • Magnetic tape
  • Removable storage devices, including USB drives, CDs, DVDs, and SD cards
  • Smartphones and PDAs

Means of transmitting data via wi-fi, Ethernet, modem, DSL, or cable network connections including:

  • Email
  • File transfers

PHI and HIPAA

The HIPAA Privacy Rule provides federal protections for PHI that’s held by Covered Entities (CEs) and gives patients rights over that information, as well as guidance for healthcare organizations regarding how to protect PHI. The Privacy Rule allows PHI to be disclosed as a result of patient care, but has strict guidelines in place for maintaining the integrity and security of that information while it’s being stored or otherwise processed. There are specific measures within the Rule that require comprehensive administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of PHI is being properly maintained.

HIPAA Data Storage, Cloud Storage, and ePHI

It’s important to note that HIPAA regulation treats HIPAA data storage companies as Business Associates (BAs). The regulation accounts for the storage of physical and digital data, meaning that cloud storage services qualify as BAs even if the organization rarely, randomly, or never accesses or views the ePHI that they store.